It seems that four ports can be accessed and made available by “any application” without authentication, as well as establishing control of the WiMAX radio. Vulnerability to surreptitious data sessions, malware, and viruses are not only possible, but don’t appear to be very difficult, given the nature of the vulnerability.
The video below demonstrates TrevE’s proof-of-concept reproducing the exploit, and not being a developer/programmer, it doesn’t mean much to me, though it is a bit alarming. I will definitely be alerting my friends with HTC handsets who are on Sprint 4G.
By my calculations, the following phones are potentially impacted:
It is unclear at this time whether the Evo View 4G is affected.
A patch (though not released by HTC) is available from the XDA forum post below.
Source: XDA and InfectedROM by way of Phandroid
